Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b48bfd-797d-47a9-8a62-44313b43e594/1/PFi8UqEs0Ce2jyKlXcQsmaVNy0Q.roa
File:                     PFi8UqEs0Ce2jyKlXcQsmaVNy0Q.roa (raw, json)
Hash identifier:          EuK+aiouSE9l8DmSMYUXvpay7owoB5D7UbVEhjSaVSk=
Subject key identifier:   3C:58:BC:52:A1:2C:D0:27:B6:8F:22:A5:5D:C4:2C:99:A5:4D:CB:44
Certificate issuer:       /CN=64c0bc594af811753dfc116af459b1b874471489
Certificate serial:       019C7C2E7BAD8C951A8DF1676987D1FE6CA7
Authority key identifier: 64:C0:BC:59:4A:F8:11:75:3D:FC:11:6A:F4:59:B1:B8:74:47:14:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZMC8WUr4EXU9_BFq9FmxuHRHFIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b48bfd-797d-47a9-8a62-44313b43e594/1/PFi8UqEs0Ce2jyKlXcQsmaVNy0Q.roa
Signing time:             Fri 20 Feb 2026 17:52:26 +0000
ROA not before:           Fri 20 Feb 2026 17:52:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        185.30.212.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b48bfd-797d-47a9-8a62-44313b43e594/1/ZMC8WUr4EXU9_BFq9FmxuHRHFIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b48bfd-797d-47a9-8a62-44313b43e594/1/ZMC8WUr4EXU9_BFq9FmxuHRHFIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZMC8WUr4EXU9_BFq9FmxuHRHFIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 02:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7c:2e:7b:ad:8c:95:1a:8d:f1:67:69:87:d1:fe:6c:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64c0bc594af811753dfc116af459b1b874471489
        Validity
            Not Before: Feb 20 17:52:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3c58bc52a12cd027b68f22a55dc42c99a54dcb44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:81:11:f1:4b:50:ea:b2:f6:ca:b2:67:29:a2:
                    f7:8d:25:c2:3b:ed:22:f6:87:01:a6:b3:6f:42:76:
                    d4:09:32:4d:ef:35:3d:4c:7c:34:b0:b7:2a:e0:db:
                    c4:1c:eb:31:df:af:82:c2:df:1d:81:ec:6b:7d:aa:
                    95:11:6e:09:9d:ac:f4:8c:d8:ec:43:e4:d4:7d:ed:
                    80:75:ef:25:89:63:c1:ce:cd:e3:73:7d:53:f4:af:
                    68:f2:31:10:7a:e9:ef:e1:06:4d:76:20:60:9a:b5:
                    dd:35:48:e6:84:3a:46:d1:9b:7a:62:e0:c3:f0:f1:
                    5a:cc:6b:19:2a:e2:22:b2:6a:66:29:ee:a9:9f:4c:
                    c7:e2:89:31:c0:ad:4f:ff:8d:76:44:7b:78:f0:8c:
                    ad:5a:42:83:d4:ce:b1:91:4c:db:99:b0:91:2c:7e:
                    8e:4b:2e:f6:56:90:41:7a:ca:b1:70:48:f4:79:11:
                    9a:4b:a6:5d:e7:d4:ab:4e:13:5e:6a:5e:7d:ce:f1:
                    35:5e:95:fe:6b:82:da:09:71:f1:8e:69:63:e9:03:
                    82:5c:0c:2e:6e:07:0a:32:52:cc:42:81:af:2c:98:
                    88:c6:b7:ef:06:b0:37:a2:d8:f4:de:20:ed:c5:7c:
                    0a:c5:0a:f2:cb:45:04:11:08:3b:1d:43:66:e8:7e:
                    68:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:58:BC:52:A1:2C:D0:27:B6:8F:22:A5:5D:C4:2C:99:A5:4D:CB:44
            X509v3 Authority Key Identifier:
                keyid:64:C0:BC:59:4A:F8:11:75:3D:FC:11:6A:F4:59:B1:B8:74:47:14:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZMC8WUr4EXU9_BFq9FmxuHRHFIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b48bfd-797d-47a9-8a62-44313b43e594/1/PFi8UqEs0Ce2jyKlXcQsmaVNy0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b48bfd-797d-47a9-8a62-44313b43e594/1/ZMC8WUr4EXU9_BFq9FmxuHRHFIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:ef:9a:1c:ea:a0:60:d0:a3:6e:19:10:52:b6:22:f2:60:d6:
         1a:12:b7:ad:09:51:42:16:0c:3a:44:be:9a:6a:06:1f:4e:74:
         52:69:5c:e2:1d:80:c5:42:88:4b:5d:73:cd:44:13:bf:64:b6:
         e1:23:14:42:e4:a5:29:67:75:d1:63:44:83:b5:5a:74:1c:f3:
         35:84:1b:ee:da:bb:3e:ee:b0:96:1b:db:6d:88:a9:5d:ae:82:
         21:15:24:43:68:cd:bf:36:ad:b1:c5:3d:1d:dc:5c:35:7f:9b:
         f4:83:17:27:1e:26:29:95:d3:85:c2:17:ce:f5:ba:82:e1:38:
         ce:48:06:c3:35:13:bb:7a:e2:15:17:58:9b:db:d0:50:d4:be:
         26:4a:6d:a4:40:fe:9b:f3:fc:1f:cb:f3:8e:54:f2:e8:36:0c:
         b5:18:35:9b:44:0e:5c:39:5f:b4:02:8d:df:57:52:31:09:48:
         72:f8:01:cc:24:29:14:8b:5e:0e:93:47:60:cc:c7:52:b8:95:
         0a:b5:48:f8:b7:a9:6e:58:83:97:53:15:32:f8:f0:7c:2d:6f:
         d8:99:ee:96:6f:76:93:4d:f7:16:d6:8d:cb:87:4d:90:7b:b1:
         bf:75:03:bd:4d:94:d8:7b:0b:bd:f4:d6:c1:ef:de:00:9e:e5:
         3d:53:db:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx8LnutjJUajfFnaYfR/mynMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0YzBiYzU5NGFmODExNzUzZGZjMTE2YWY0NTliMWI4NzQ0
NzE0ODkwHhcNMjYwMjIwMTc1MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzU4YmM1MmExMmNkMDI3YjY4ZjIyYTU1ZGM0MmM5OWE1NGRjYjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3oER8UtQ6rL2yrJnKaL3jSXCO+0i
9ocBprNvQnbUCTJN7zU9THw0sLcq4NvEHOsx36+Cwt8dgexrfaqVEW4Jnaz0jNjs
Q+TUfe2Ade8liWPBzs3jc31T9K9o8jEQeunv4QZNdiBgmrXdNUjmhDpG0Zt6YuDD
8PFazGsZKuIismpmKe6pn0zH4okxwK1P/412RHt48IytWkKD1M6xkUzbmbCRLH6O
Sy72VpBBesqxcEj0eRGaS6Zd59SrThNeal59zvE1XpX+a4LaCXHxjmlj6QOCXAwu
bgcKMlLMQoGvLJiIxrfvBrA3otj03iDtxXwKxQryy0UEEQg7HUNm6H5otwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDxYvFKhLNAnto8ipV3ELJmlTctEMB8GA1UdIwQY
MBaAFGTAvFlK+BF1PfwRavRZsbh0RxSJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk1DOFdVcjRFWFU5X0JGcTlGbXh1SFJIRklrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNDhiZmQtNzk3ZC00N2E5LThhNjIt
NDQzMTNiNDNlNTk0LzEvUEZpOFVxRXMwQ2UyanlLbFhjUXNtYVZOeTBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNDhiZmQtNzk3ZC00N2E5LThhNjItNDQzMTNiNDNlNTk0
LzEvWk1DOFdVcjRFWFU5X0JGcTlGbXh1SFJIRklrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuR7UMA0G
CSqGSIb3DQEBCwUAA4IBAQBF75oc6qBg0KNuGRBStiLyYNYaEretCVFCFgw6RL6a
agYfTnRSaVziHYDFQohLXXPNRBO/ZLbhIxRC5KUpZ3XRY0SDtVp0HPM1hBvu2rs+
7rCWG9ttiKldroIhFSRDaM2/Nq2xxT0d3Fw1f5v0gxcnHiYpldOFwhfO9bqC4TjO
SAbDNRO7euIVF1ib29BQ1L4mSm2kQP6b8/wfy/OOVPLoNgy1GDWbRA5cOV+0Ao3f
V1IxCUhy+AHMJCkUi14Ok0dgzMdSuJUKtUj4t6luWIOXUxUy+PB8LW/Yme6Wb3aT
TfcW1o3Lh02Qe7G/dQO9TZTYewu99NbB794AnuU9U9vo
-----END CERTIFICATE-----